Language Selection

English French German Italian Portuguese Spanish

Security and Fear, Uncertainty, Doubt (FUD) Tactics

Filed under
Security
  • Security updates for Wednesday

    Security updates have been issued by Debian (kernel and privoxy), Fedora (libtpms, privoxy, and x11vnc), openSUSE (chromium), Red Hat (.NET 5.0, .NET Core, .NET Core 2.1, .NET Core 3.1, dotnet, and dotnet3.1), SUSE (git, kernel, openssl-1_1, and wpa_supplicant), and Ubuntu (git and openssh).

  • [Older] Use JoomScan to scan Joomla for vulnerabilities on Kali

    When installing a content management system for your website, it's easy to get lazy and assume that it's going to do all the work for you. A CMS like Joomla certainly does make things more convenient, and lets you publish a polished website very quickly, but that doesn't mean you shouldn't take some extra time to secure it.

  • Microsoft Security Researcher Proposes Unprivileged Chroot For Linux [Ed: The same company that puts back doors in everythinfg for the NSA is now posing as "security"; watch the replies in comments]

    Security researcher and Microsoft engineer Mickaël Salaün is proposing unprivileged chroot support for the Linux kernel.

  • Scanning for Secrets in Source Code [Ed: Wrongly insinuating people all use Microsoft proprietary software (NSA PRISM) prison called GitHub]

    As a developer, I admit that I’ve committed secrets to public Github repositories before. Hardcoded secrets have always been a problem in organizations and are one of the first things I look for during a penetration test.
    When developers write secrets such as passwords and API keys directly into source code, these secrets can make their way to public repos or application packages, then into an attacker’s hands. As microservice architectures and API-centric applications become mainstream, developers often need to exchange credentials and other secrets programmatically. This means that developers can sometimes make mistakes when handling sensitive data.

  • Researchers Unveil New Linux Malware Linked to Chinese Hackers [Ed: It seems possible that right about now, in order to distract from the Microsoft Exchange catastrophe (Microsoft uses xenophobia for blame-passing), they will spam or Googlebomb "Linux" with China malware something]

    Cybersecurity researchers on Wednesday shed light on a new sophisticated backdoor targeting Linux endpoints and servers that's believed to be the work of Chinese nation-state actors.

Feels like distraction

Way to distract from what happened to Microsoft Exchange

Chinese state hackers target Linux systems with new malware

The author worked many years

The author worked many years for Softpedia, so it’s no wonder...

Wow

I did not even remember that...

More FUD

More FUD

  • Linux systems targeted with dangerous new Chinese malware [Ed: Mayank Sharma participates in an apparent attempt to deflect/distract from the Microsoft scandal, which it blames on China instead of its own incompetence. They badmouth Linux using phony non-news and manufactured drama. Shame on them.]

Indian media adopts Microsoft slant that blames "China"

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Programming Leftovers

  • C: sigprocmask Function Usage

    You may have heard about socket programming in C. One of the socket functions is the “sigprocmask” function. This function has been usually utilized in the code to inspect or alter the signal mask of the calling function. The signal mask is a term used for a group of signals that are presently blocked and cannot be conveyed for the calling function. Such kind of signal is known as “Blocked Signals.” You can say that a process can still receive the blocked signals, but it will not be used until they are unblocked and released, i.e., raised. Until then, it will be pending. Therefore, within today’s guide, we will be discussing the use of the sigprocmask function in C programming. Let’s have a start. After the Ubuntu 20.04 successful login, you need to launch the shell of the Ubuntu 20.04 system first after the login. So, try out the “Ctrl+Alt+T” shortcut simply on the desktop screen. It will launch the terminal shell for you in some seconds. Make sure to update your system using the apt package of your system. After that, you have to execute the “touch” instruction along with the file name you want to generate, i.e., to create the C file via the shell. This newly created file can be found in the “home” folder of your system’s file explorer. You can try opening it with the “text” editor to create code in it. Another way to open it in the shell is using the “GNU Nano” editor using the “nano” keyword with a file name as demonstrated beneath.

  • C: sigaction function usage

    A sigaction() is a function that allows to call/observe or examine a specific action associated with a particular signal. It is thought to consider a signal and sigaction function on the same page. But in reality, it has not occurred. The signal() function does not block other signals when the current handler’s execution is under process. At the same time, the sigaction function can block other signals until the current handler has returned.

  • delegation of authority from the systems programming perspective – Ariadne's Space

    As I have been griping on Twitter lately, about how I dislike the design of modern UNIX operating systems, an interesting conversation about object capabilities came up with the author of musl-libc. This conversation caused me to realize that systems programmers don’t really have a understanding of object capabilities, and how they can be used to achieve environments that are aligned with the principle of least authority. In general, I think this is largely because we’ve failed to effectively disseminate the research output in this area to the software engineering community at large — for various reasons, people complete their distributed systems degrees and go to work in decentralized finance, as unfortunately, Coinbase pays better. An unfortunate reality is that the security properties guaranteed by Web3 platforms are built around object capabilities, by necessity – the output of a transaction, which then gets consumed for another transaction, is a form of object capability. And while Web3 is largely a planet-incinerating Ponzi scheme run by grifters, object capabilities are a useful concept for building practical security into real-world systems. Most literature on this topic try to describe these concepts in the framing of, say, driving a car: by default, nobody has permission to drive a given car, so it is compliant with the principle of least authority, meanwhile the car’s key can interface with the ignition, and allow the car to be driven. In this example, the car’s key is an object capability: it is an opaque object, that can be used to acquire the right to drive the car. Afterwards, they usually go on to describe the various aspects of their system without actually discussing why anybody would want this.

  • Pip Install: Install and Remove Python Packages
  • A dog-cat-horse-turtle problem

    Sometimes the text-processing problems posted on Stack Exchange have so many solutions, it's hard to decide which is best. A problem like that was posted in the "Unix & Linux" section in December 2021...

Istio / Announcing Istio 1.12.2

This release fixes the security vulnerability described in our January 18th post, ISTIO-SECURITY-2022-001 as well as a few minor bug fixes to improve robustness. This release note describes what’s different between Istio 1.12.1 and Istio 1.12.2. Read more Also: ISTIO-SECURITY-2022-001

Android Leftovers

Redis vs. MongoDB: What you need to know

Databases are garnering a lot of popularity every day and are used by many organizations for a wide variety of use cases. Many organizations are employing innovative techniques to handle their data storage. These companies often shift between databases to optimize their storage and data mapping according to their business needs. Companies with growing data requirements utilize databases with dynamic functionalities. However, deciding which database is perfect for each of these companies can be very subjective. When it comes to database management, choosing between Redis and MongoDB can be relatively challenging. Read more